[Asia Economy Reporter Seulgina Jo] Yoon Jong-in, Chairman of the Personal Information Protection Commission, stated regarding the decision to increase fines for companies that violate personal information protection, "This is a measure to reflect overseas cases in a balanced manner," adding, "Simple mistakes are not subject to this, and we intend to strengthen sanctions by targeting intentional and repetitive violations."
Chairman Yoon explained this during a press briefing held on the afternoon of the 16th in response to questions about the second amendment to the Personal Information Protection Act, which was recently announced for public comment. The Personal Information Protection Commission aims to submit the amendment to the National Assembly within the first half of the year after regulatory and legislative reviews. The amendment mainly raises the maximum fine that can be imposed on companies responsible for personal information breaches to "up to 3% of total sales." The current law sets the fine at "3% of sales related to the breach."
Regarding industry opposition to the increase in fines, he said, "The direction of sanction reform is to reduce penalties on individuals while strengthening economic sanctions on companies that intentionally and repeatedly violate the law," and explained, "We have reflected global standards such as the GDPR (General Data Protection Regulation of the European Union)." The EU’s maximum fine is 4% of global sales.
Chairman Yoon also stated, "Considering that if our penalties are set too low compared to overseas legislation like the GDPR, there could be issues of domestic companies being unfairly disadvantaged," and added, "We will clarify the law to ensure proportionality and effectiveness in calculating fines." He also noted that there are already legislative cases domestically and internationally that set the fine at 3% of total sales.
Regarding the AI chatbot 'Iruda' incident, which was a hot topic earlier this year, Chairman Yoon confirmed that the investigation into Scatter Lab, the developer, for suspected violations of the Personal Information Protection Act is still ongoing and under review. He said, "The investigation is not yet complete," and "We are prioritizing this considering the impact on users and the industry, and we will complete it as soon as possible."
He evaluated the Iruda case, which sounded the alarm on AI ethics and personal information protection issues, as "the first case showing a policy implication that no matter how innovative and convenient a technology is, if personal information is not safely protected, it cannot gain public trust and must be addressed from an ethical perspective."
Furthermore, he announced, "(To prevent similar incidents) we will establish legal rights to respond to automated decision-making such as AI and prepare personal information protection guidelines for AI services." In cooperation with related ministries such as the Ministry of Science and ICT, they plan to support the development of AI-related personal information protection technologies and promote projects to strengthen protection capabilities, including encryption technologies, targeting small and medium-sized enterprises.
On the same day, regarding the amendment to the Electronic Commerce Act led by the Fair Trade Commission, he said, "Concerns about personal information infringement have been raised regarding the amendment to the Electronic Commerce Act, which requires providing the identity information of individual sellers to consumers in case of disputes," and added, "If it is judged that there is a risk of personal information infringement, we will provide opinions to resolve concerns about privacy and rights violations." The commission is currently reviewing this internally upon request from the Fair Trade Commission.
Regarding the amendment to the Electronic Financial Transactions Act promoted by the Financial Services Commission, he said, "We have agreed with the Financial Services Commission to revise provisions that may conflict with the principles of the Personal Information Protection Act." Addressing concerns that conflicts with the Personal Information Protection Act may arise during the legislative processes of various government ministries, he emphasized the unique role of the Personal Information Protection Commission by stating, "As the government-wide control tower for personal information protection, the commission has the legal authority to review and deliberate on other laws affecting personal information protection and recommend improvements to relevant agencies."
Additionally, the procedure by the European Commission to verify whether Korea’s personal information protection system is equivalent to the EU GDPR has mostly concluded on major issues. Chairman Yoon said, "The EU is finalizing the draft decision," and predicted, "Visible results will be achieved soon."
© The Asia Business Daily(www.asiae.co.kr). All rights reserved.
![Clutching a Stolen Dior Bag, Saying "I Hate Being Poor but Real"... The Grotesque Con of a "Human Knockoff" [Slate]](https://cwcontent.asiae.co.kr/asiaresize/183/2026021902243444107_1771435474.jpg)
